Microsoft Confirms Active Exploitation of Windows Bug, Windows 10 Patch Still Pending

April's Patch Tuesday update addresses over 120 vulnerabilities, including a ransomware-linked flaw, but Windows 10 users remain exposed.

Microsoft's latest Patch Tuesday update includes fixes for over 120 vulnerabilities, with 11 classified as critical, though none received CVSS scores above 8.1.
The actively exploited CVE-2025-29824 vulnerability in the Windows Common Log File System Driver, used by Storm-2460 to deliver 'PipeMagic' ransomware, remains unpatched on Windows 10.
While patches have been released for Windows Server and Windows 11, Microsoft has yet to provide a timeline for a Windows 10 fix, leaving users vulnerable to potential attacks.
Critical remote code execution vulnerabilities affecting Office, Excel, LDAP, and Remote Desktop were also addressed in this update, with some requiring additional administrative actions for full remediation.
Other tech companies, including Adobe and AMD, released significant security patches this month, addressing vulnerabilities across a wide range of products.